The EU is not ready for the harm artificial intelligence will cause. Artificial intelligence systems are already making decisions that affect daily lives yet the law across Europe still struggles to decide who is responsible when these systems cause harm. A new study for the European Parliament argues that the current rules are failing and calls for clear civil liability for AI systems.

Share

How civil liability for artificial intelligence systems is (not) being addressed across the European Union

If AI hurts you today, you are on your own.

The effort to address civil liability for artificial intelligence systems within the European Union has been marked by a slow and deliberate evolution.

The starting point is recognizing that most civil liability rules in Europe are built around principles that have existed for decades.

These principles assume that harm is caused by an identifiable person who can be shown to have acted carelessly or in breach of a duty.

In the world of artificial intelligence, that assumption is strained, particularly when systems operate in ways that are not fully transparent to those who design, deploy or regulate them.

As a new study commissioned by the European Parliament explains, the European Union has already introduced a patchwork of legal instruments that touch on liability, consumer protection and product safety.

These include the revised Product Liability Directive and the AI Act, which is at the centre of the EU’s broader regulatory architecture for high risk systems.

Together these instruments seek to impose a higher standard of care on those who place advanced systems on the market.

They are intended to ensure that when damage occurs, there is a clear legal path for those who have been harmed.

Yet, the study makes clear that even with these measures, there remains a gap between what these frameworks can provide and the realities of harm caused by artificial intelligence.

The challenge lies in the fact that national civil liability regimes are not harmonised.

Some Member States operate strict liability regimes for hazardous activities while others place a stronger focus on negligence.

This difference becomes significant when an AI system affects people or property in several jurisdictions at once.

Without coordination, a single event can give rise to several proceedings and conflicting outcomes, undermining confidence in the justice system and frustrating those who seek redress.

In the past few years the Commission has begun to propose reforms to reduce this gap.

One area of reform is the introduction of a specific civil liability regime for artificial intelligence that would create a presumption of causation when certain conditions are met.

AI and Civil Liability

This would mean that a victim does not always need to demonstrate the exact chain of events that led to the damage, a task that can be extremely difficult where complex tort systems are involved.

Alongside this, the EU is exploring whether a stricter liability regime is justified for high risk applications.

The idea that emerges from the study is that systems which can cause severe harm if they fail, such as those in health care, public infrastructure or critical services, should be subject to rules that are clearer and more consistent.

In practice this means a move away from fragmented national approaches and towards an EU level regime that provides certainty.

The document goes further by stressing that the success of this approach depends on having a single responsible operator.

This operator is the person or entity who exercises control over how the system is used and maintained.

It is this person who must bear liability in the event of harm, ensuring that victims are not forced to pursue a chain of actors in order to obtain compensation.

Across the EU, there is now a steady movement towards this model.

It is influenced by the recognition that a clear allocation of responsibility is necessary for fairness.

It also builds trust in artificial intelligence because people know that the legal system will respond effectively when things go wrong.

Report Background

The European Parliament asked its Policy Department for Justice, Civil Liberties and Institutional Affairs to examine how the law of civil liability should respond to artificial intelligence.

The study that followed provides a clear account of why the existing frameworks in Europe are not well suited to deal with harm caused by these systems and why there is a need for a more uniform approach across the EU.

At the centre of the study is a concern that the current rules differ too much between EU Member States.

These differences risk leading to uncertainty when an AI system causes loss in cross‑border settings.

The report therefore begins by setting out how liability rules work today and why they do not offer enough clarity when advanced software and decision systems are involved.

It goes further to review the changes that are already underway at the level of EU law, in particular the initiatives that sit alongside the proposed Artificial Intelligence Act.

An important part of the study relates to high risk systems. These are systems that have the capacity to affect essential services, sensitive data, health or financial interests of individuals.

The study supports the use of strict liability for these systems so that the victim does not have to prove fault. This is a deliberate approach.

It recognises that proving fault when the harm results from a complex, opaque and partly autonomous process is extremely difficult.

This recommendation is also linked to the objectives of efficiency and harmonisation.

Efficiency is achieved because disputes are settled more quickly when liability is clear from the outset.

Harmonisation matters because AI systems do not stop at borders and a single system may operate across several EU Member States at the same time.

The study calls for legal rules that do not depend on the chance location of the damage.

The new EU regime

The study commissioned by the European Parliament argues that the traditional reliance on fault based systems will no longer be adequate when artificial intelligence systems cause harm.

The new policy centres on strict liability rules, with a focus on high risk systems.

This approach marks a clear change from procedural interventions and fault based reasoning to a regime that prioritises predictability, victim protection and harmonisation across the European Union.

TechLaw

Legal Analysis: Can AI Be Criminally Liable?

Around the world, prosecutors are circling, and in some cases, people are already being charged for what their AI systems did. World legal systems are catching up with reckless automation, and the consequences are real: injury, death, and yes, prison time. In this article, we explore how criminal liability is entering the AI age, what cases are already …

Read more

3 months ago · 11 likes · 8 comments · TechLaw

The concept is relatively simple but the implications are significant. When a high risk system causes damage, liability would not depend on proving whether a particular person acted without due care.

Instead, a dedicated framework would identify the person or entity who is in control of that system and who benefits from it. That party would then be liable.

This removes the uncertainty of trying to demonstrate what went wrong and who is responsible when complex systems interact with human behaviour.

It creates a direct link between control, benefit and accountability.

The study explains that the term high risk systems is closely aligned with the categories already set out in the AI Act.

These systems include those that operate in critical environments where their decisions or actions can have substantial consequences for individuals or property.

The law concentrates on situations where harm is most serious. It is a proportionate approach.

The single responsible operator idea is presented as a necessary correction to the diffuse nature of accountability that often arises when complex technologies are involved.

There are many actors in the lifecycle of an artificial intelligence system, including designers, suppliers, deployers and users.

Without clarity, victims are forced into lengthy disputes to determine who to sue.

By identifying one operator who stands as the primary respondent, the law provides a single entry point.

This operator is defined as the person or organisation who controls the functioning of the system and who gains from its operation.

That person can then pursue others through recourse if there are grounds to do so.

This civil liability framework, when applied to high risk systems, is designed to provide clear benefits.

It minimises overlapping responsibilities that often create barriers to compensation.

It enables the internalisation of risk by those who are best placed to manage it. Insurance can then be organised around this clear liability.

Costs can be anticipated and distributed, and disputes are less likely to become prolonged.

The study warns that the current legal environment, with its mixture of directives and national tort rules, is already producing fragmentation.

Different rules across Member States risk discouraging innovation and undermine trust.

The introduction of strict liability in a harmonised form is presented as a way to avoid that outcome. Legal certainty becomes possible when the same clear rules apply in every jurisdiction.

Efficiency is a recurring theme in the report. The goal is not only to compensate victims but to do so in a way that avoids unnecessary administrative complexity.

Strict liability changes the process from a slow and unpredictable assessment of fault to a straightforward rule.

This reduces litigation and lowers costs.

Businesses are able to plan, insure and manage risks with far greater confidence.

Victims are more likely to receive timely compensation.

Harmonisation is the other pillar of this proposal.

When rules are inconsistent, businesses face different obligations depending on where they operate.

This damages the integrity of the single market.

The study therefore argues that a single European framework for high risk systems is necessary.

It points out that while national solutions may seem responsive, they ultimately lead to barriers that prevent the cross border deployment of advanced technologies.

The analysis concludes that the strict liability model, when combined with a one stop model of responsibility, will create a simpler and more predictable system.

It will ensure that compensation can be provided quickly and uniformly while reducing the temptation for each Member State to develop different rules.

These proposals reflect a very deliberate choice: to create a framework that balances innovation with responsibility and that recognises that high risk systems require clarity at a European level.

TL;DR

• The study finds that the 1985 Product Liability Directive is not adequate for modern technologies. The rules make it difficult for victims to prove harm, while manufacturers avoid responsibility. Courts and victims rarely use these rules, relying instead on general tort or contract law, leaving gaps in protection.

• European institutions initially planned a two-pronged response: reform the Product Liability Directive and create AI-specific liability rules. Only the former has been updated. This decision leaves serious gaps for dealing with complex AI systems where cause and accountability are hard to establish.

• The study stresses that advanced AI systems expose weaknesses in current civil liability laws. The combination of human decisions and machine processes makes it hard to prove what went wrong. This complexity discourages victims from taking legal action and undermines confidence in redress mechanisms.

• The reformed Product Liability Directive introduces some procedural changes like disclosure and presumptions to help victims. However, it leaves the core framework unchanged and vague terms risk inconsistent decisions in courts. As a result, it does not ensure predictable or fair outcomes across member states.

• The report argues that without an AI-specific civil liability regime, member states will continue developing their own approaches. This leads to fragmented national rules, which create confusion and uncertainty for both consumers and businesses across the European Union.

• The report recommend clear civil liability rules that focus on high-risk AI systems and assign responsibility to a single operator. The report believes this would simplify compensation for victims, reduce litigation costs, support harmonisation and legal certainty, and make insurance solutions more effective.

We close this newsletter with an invitation to reflect on how these proposals may influence future accountability for artificial intelligence. Your thoughts and perspectives are welcome. Comment on this newsletter to share your views so we can continue to build informed and thoughtful conversations on this subject.

Leave a comment